From d0f7eae34afe6df57573d57c0d9ac2e0388e743c Mon Sep 17 00:00:00 2001 From: Bogdan Sava Date: Mon, 27 Mar 2023 10:34:13 +0300 Subject: [PATCH 1/2] change cors configuration add /api/token2 uri mapping for json payload Signed-off-by: Bogdan Sava Signed-off-by: Nigel Jones --- .../springboot/api/AuthController.java | 14 ++++++---- .../springboot/auth/SecurityConfig.java | 26 +++++++------------ 2 files changed, 19 insertions(+), 21 deletions(-) diff --git a/open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/java/org/odpi/openmetadata/userinterface/uichassis/springboot/api/AuthController.java b/open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/java/org/odpi/openmetadata/userinterface/uichassis/springboot/api/AuthController.java index e30e9088c0a..d6456a5e2d5 100644 --- a/open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/java/org/odpi/openmetadata/userinterface/uichassis/springboot/api/AuthController.java +++ b/open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/java/org/odpi/openmetadata/userinterface/uichassis/springboot/api/AuthController.java 
@@ -4,21 +4,18 @@ import org.odpi.openmetadata.userinterface.uichassis.springboot.auth.model.LoginRequest; import org.odpi.openmetadata.userinterface.uichassis.springboot.auth.service.TokenService; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; +import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RestController; @RestController public class AuthController { - private static final Logger LOG = LoggerFactory.getLogger(AuthController.class); - private final TokenService tokenService; private final AuthenticationManager authenticationManager; @@ -27,11 +24,18 @@ public AuthController(TokenService tokenService, AuthenticationManager authentic this.authenticationManager = authenticationManager; } - @PostMapping("/api/token") + @PostMapping("/api/token2") public String token(@RequestBody LoginRequest userLogin) throws AuthenticationException { Authentication authentication = authenticationManager .authenticate(new UsernamePasswordAuthenticationToken(userLogin.username(), userLogin.password())); return tokenService.generateToken(authentication); } + @PostMapping("/api/token") + public String token(@RequestParam String username, @RequestParam String password) throws AuthenticationException { + Authentication authentication = authenticationManager + .authenticate(new UsernamePasswordAuthenticationToken(username, password)); + return tokenService.generateToken(authentication); + } + } 
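Review bot: The added `token(@RequestParam String username, @RequestParam String password)` handler on `/api/token` accepts credentials from the query string as well as from a form body, because `@RequestParam` binds servlet request parameters from both. A password carried in the URL is recorded in access logs, proxy logs and browser history. The `params = {"username","password"}` condition added in PATCH 2/2 matches query-string parameters too, so it does not narrow this. If form posts are the intended client, `@PostMapping(value = "/api/token", consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)` states the transport explicitly. Rejecting requests whose query string carries `username` or `password` would be the stricter guard.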
diff --git a/open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/java/org/odpi/openmetadata/userinterface/uichassis/springboot/auth/SecurityConfig.java b/open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/java/org/odpi/openmetadata/userinterface/uichassis/springboot/auth/SecurityConfig.java index 13a0ccbde25..9ef35bcfee1 100644 --- a/open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/java/org/odpi/openmetadata/userinterface/uichassis/springboot/auth/SecurityConfig.java +++ b/open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/java/org/odpi/openmetadata/userinterface/uichassis/springboot/auth/SecurityConfig.java @@ -26,11 +26,9 @@ import org.springframework.security.oauth2.jwt.NimbusJwtDecoder; import org.springframework.security.oauth2.jwt.NimbusJwtEncoder; import org.springframework.security.web.SecurityFilterChain; -import org.springframework.web.cors.CorsConfiguration; -import org.springframework.web.cors.CorsConfigurationSource; -import org.springframework.web.cors.UrlBasedCorsConfigurationSource; +import org.springframework.web.servlet.config.annotation.CorsRegistry; +import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; -import java.util.Arrays; import java.util.List; /** 
@@ -76,22 +74,18 @@ JwtDecoder jwtDecoder() throws JOSEException { } /** - *Returns CorsConfigurationSource the cors configuration + *Returns WebMvcConfigurer for the cors configuration * The bean is based on springboot configuration property cors.allowed-origins */ @Bean @ConditionalOnProperty(value = "cors.allowed-origins") - CorsConfigurationSource corsConfigurationSource() { - CorsConfiguration configuration = new CorsConfiguration(); - UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); - if( allowedOrigins!=null && !allowedOrigins.isEmpty()) { - configuration.setAllowedOrigins(allowedOrigins); - configuration.setAllowedMethods(Arrays.asList("GET","POST")); - configuration.addExposedHeader("x-auth-token"); - configuration.setAllowedHeaders(Arrays.asList("content-type","x-auth-token")); - source.registerCorsConfiguration("/**", configuration); - } - return source; + public WebMvcConfigurer corsConfigurer() { + return new WebMvcConfigurer() { + @Override + public void addCorsMappings( CorsRegistry registry ) { + registry.addMapping("/**").allowedOrigins(allowedOrigins.toArray(new String[]{})); + } + }; } @Bean From 96ddd02ed44cebedfee2bd962523fb01fce989b1 Mon Sep 17 00:00:00 2001 From: Bogdan Sava Date: Mon, 27 Mar 2023 11:21:27 +0300 Subject: [PATCH 2/2] add params filter for /api/token uri Signed-off-by: Bogdan Sava Signed-off-by: Nigel Jones --- .../uichassis/springboot/api/AuthController.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/java/org/odpi/openmetadata/userinterface/uichassis/springboot/api/AuthController.java b/open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/java/org/odpi/openmetadata/userinterface/uichassis/springboot/api/AuthController.java index d6456a5e2d5..f04702d3c32 100644 
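Review bot: The replacement `registry.addMapping("/**").allowedOrigins(...)` in `corsConfigurer()` drops the explicit method, header and exposed-header settings of the removed `CorsConfiguration`, so the mapping falls back to Spring's registration defaults. Those defaults allow any request header and expose none, so a browser client on another origin can no longer read `x-auth-token` from responses, and the allowed-header list is wider than the previous `content-type`/`x-auth-token`. If that is not intended, keep the narrowing on the registration: `.allowedMethods("GET", "POST").allowedHeaders("content-type", "x-auth-token").exposedHeaders("x-auth-token")`. The `allowedOrigins != null` guard is gone as well, so an unset list would fail in `toArray`. The field declaration and the security filter chain are outside this hunk, so it is worth confirming that the chain still applies CORS handling (for example via `http.cors()`) now that no `CorsConfigurationSource` bean exists.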
--- a/open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/java/org/odpi/openmetadata/userinterface/uichassis/springboot/api/AuthController.java +++ b/open-metadata-implementation/user-interfaces/ui-chassis/ui-chassis-spring/src/main/java/org/odpi/openmetadata/userinterface/uichassis/springboot/api/AuthController.java @@ -24,14 +24,14 @@ public AuthController(TokenService tokenService, AuthenticationManager authentic this.authenticationManager = authenticationManager; } - @PostMapping("/api/token2") + @PostMapping("/api/token") public String token(@RequestBody LoginRequest userLogin) throws AuthenticationException { Authentication authentication = authenticationManager .authenticate(new UsernamePasswordAuthenticationToken(userLogin.username(), userLogin.password())); return tokenService.generateToken(authentication); } - @PostMapping("/api/token") + @PostMapping(value = "/api/token", params = {"username","password"}) public String token(@RequestParam String username, @RequestParam String password) throws AuthenticationException { Authentication authentication = authenticationManager .authenticate(new UsernamePasswordAuthenticationToken(username, password));
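Review bot: Both `token` overloads now answer `POST /api/token` and are told apart only by the `params = {"username","password"}` condition, and nothing in the class records that contract. A one-line Javadoc on each would help, e.g. `/** JSON login: credentials are read from a LoginRequest body. */` and `/** Form login: selected when both username and password request parameters are present. */`. The two bodies differ only in where the credentials come from, so a private helper such as `issueToken(String username, String password)` would keep them from drifting apart. The class body starts and ends outside this hunk.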